I have been using my WGR614v6 with V2.0.19_1.0.19NA firmware to block “tracking” and banner advertising sites but now I’m wondering if the Netgear is actually blocking traffic.

What happened was that I was having an issue with the router seeming to fail to block a particular site in Russia. A little background. 1) The DNS for this site is very slow when it works at all. 2) The site itself is extremely slow when it works at all. 3) The site has an HTML page that displays “Wait 3 seconds…” and includes a meta refresh that redirects to a PHP page on the same site in 2 seconds.

I blocked this site in the WGR614v6, started up a network sniffer, and from a browser window requested the HTML page. Here’s the results.
1) The “wait 3 seconds…” shows almost immediately in FireFox.
2) I get a DNS response back in 1.5 seconds. The implication is that FireFox had already flagged this site as “slow” and gave me its cached contents.
3) The browser connected up on port 80 via TCP (getting the ACK in 0.3 seconds) and sent a GET request for the PHP page indicating it did not even try to fetch the HTML and also that it used the cached DNS response from the HTML page as the PHP is on the same site.
4) 3.3 seconds later the TCP stack sends a second GET request.
5) 6.5 seconds after the second GET the TCP stack sends a third GET.
6) 11.1 seconds after the first GET the remote server responds with a TCP ACK.
7) 23.3 seconds after the first GET the remote server must have responded as I get a 503 Service Unavailable / “Web Site Blocked by NETGEAR Firewall”.
8) TCP ack/close takes 9 seconds.

Getting a network sniffer set up between the router and DSL modem to prove this will take a bit of work but the implication is the WGR614v6 did not block the Brower’s GET request at all but instead waited until it got a response from the “blocked” site and replaced that with a “site blocked” response.

Can one of the Netgear wizards confirm this is the case? I don’t have time to do the testing this weekend but if the WGR614v6 is in fact forwarding GET requests to blocked sites and blocking the response then that defeats the entire purpose of my blocking which is 1) I want to give as little information to tracking sites as possible. I don’t care if they know my IP address from the TCP connect but the GET request contains things such as the full URL of a banner ad (which could be referenced back to the original site and then back to me), the full Cookie from before I blocked the site plus additional info such as my operating system, browser, etc. 2) I had also blocked with the assumption that it would make the browsing experience much faster in that the Netgear would be responding in microseconds with a “site blocked” page rather than waiting milliseconds or even tens of seconds, for the remote site to respond before showing me “site blocked.”

A related issue is if a site is blocked then can’t the DNS server that’s built into the router respond back with a hardwired address and when it sees the TCP connect and then GET for that address to then return “site blocked?”